Weekly Darkweb: January 2026, Week 1
2026.01.14




🔍 Data of US Automaker C Leaked on Dark Web, Linked to Ransomware Attack


• On January 4, a post distributing approximately 1TB of data belonging to U.S. automaker C was identified on the Russian dark web hacking forum ‘Exploit.’


• Forum user ‘Everestgroup’ claimed the leaked data contains personal information such as names, phone numbers, addresses, and emails, as well as employee work records including call records, call status, and vehicle status, covering the period from 2021 to 2025.


• On January 7, an identical leak post was uploaded on the dark web hacking forum ‘BreachForums.’ The seller ‘ByShenron’ claimed the data originated from the Everest ransomware gang.


→ Previously, on December 25, company C was listed as a victim on the Everest ransomware gang’s leak site. On January 4, the ransomware gang released all exfiltrated data, citing company C’s failure to make contact before the deadline, and announced plans to distribute the data across multiple hacking forums and data breach sites.



🔍 Personal Data of 950,000 Customers of Russian Bank T for Sale on Dark Web


• On January 4, a post offering a database of Russian bank T’s customers was uploaded on the dark web hacking forum ‘DarkForums.’


• The data for sale includes sensitive financial and personal information of approximately 950,000 customers, including full names, phone numbers, cities of residence, card types, and transaction history.


• The seller released screenshots of the admin interface and data samples to prove authenticity and is accepting offers for bulk purchase via Telegram and Session.


• Bank T is one of the 13 Systemically Important Credit Institutions (SICIs) designated by the Central Bank of Russia and operates as a digital-only bank without physical branches, playing a key role in the national economy (Source: Russian media AK&M).



🔍 Singaporean InsurTech Firm B Faces Data Leak by Everest Ransomware Gang


• On January 5, Singaporean InsurTech firm B was listed on the leak site operated by the Everest ransomware gang.


✓ Founded in 2020, company B operates a platform connecting insurers, partners, and customers and collaborates with more than 230 insurance companies across 36 countries.


• The ransomware gang claimed to have stolen personal data of employees and customers, insured property addresses, financial information, and internal operator identifiers, and uploaded five sample images as evidence.


• Attacks on platform providers that connect multiple stakeholders, including InsurTech firms, can lead to third-party data exposure, underscoring the need for heightened security vigilance.



This newsletter is based on news derived from big data collected from over 400 million encrypted pages and channels, including those on the dark web and Telegram.


*The full report is available upon request and for XARVIS subscribers.

